Field of the Invention
The invention of this disclosure is drawn generally to methods and systems for facilitating financial transaction over various networks. More particularly, the invention of this disclosure is drawn to methods and systems for transacting over public and private networks utilizing an identifying certificate from a smart card.
Description of Related Art
With the current exponential growth in the number of Internet users comes an equal amount of growth in the number of buyers and sellers seeking to do electronic-type business. In accordance with the average customer's expectation of having shopping at his/her fingertips, is the customer's equally high expectation that payment should be quick and easy and expense should be minimized. Unfortunately, the current methods of purchasing and paying for goods and/or services either, for example, over the Internet via point-of-service (POS) terminals, personal computers (PCs), personal digital assistants (PDAs), set-top boxes or wireless devices, involve significant transaction costs. These transaction costs include fees paid by the merchant to credit verification companies and the risk of fraud, borne by both the merchant and customer when using current payment schemes. Consequently, a key issue that is currently driving the electronic commerce industry is security.
A first conventional method of transacting business over the public networks involves a merchant, a customer, and an account servicer. In practicing this method, the account servicer provides hardware and/or software to the customer that includes credit or debit information and a public key encryption file. The customer then may use the hardware or software, to make a purchase over an unsecured network, such as the Internet. When the customer inserts the hardware into an appropriate reader or runs the software, the customer's purchase information is encrypted with a public key from the public key file and is sent to the merchant. The merchant is not in possession of the private key and consequently, cannot read the encrypted file information, such as the customer's credit card number. The merchant then adds his own purchase information and forwards the entire encrypted message to the account servicer for authorization to proceed with the transaction. The account servicer then decrypts the message with the appropriate private key and informs the merchant as to whether or not to proceed with the transaction. This method of transacting still uses the existing credit card verification infrastructure.
A second conventional method of doing business between a customer and a merchant, whether from a POS terminal or from a PC, via the Internet, requires multiple parties including at least the merchant, a merchant acquirer, a credit card account issuer, a merchant bank and of course, the consumer. In some instances, another bank, a customer's bank, separate from the credit card account issuer, is also a party. In practicing this method, a customer would, for example, enter a website for a product that the customer wishes to purchase and enters name, address, product information, and credit card number and expiration. This information will go through a merchant acquirer who the merchant pays to handle the authorization of credit card transactions. This merchant acquirer probably represents hundreds of merchants and handles all of their transactions by just sorting through the purchase requests from customers, finding which credit card issuers need to be contacted for authorization and performing the authorization. For example, there are a number of different credit cards available to consumers such as MasterCard™, Visa™, Discover™, and Diners Club™, each one of which may require a separate line for authorization. The merchant acquirer gets paid by the merchant to handle all of the sorting and sending through the conventional credit authorization lines. After the credit card transaction is authorized, the merchant must further deal with the settlement network in order to actually see his account credited while the credit card holder's account is debited. There are many transaction costs involved in this method of transacting electronically. Each of these transactions, in addition to the assumptions of liability, are reflected in the prices charged to customers. Further, there is still a security issue involved since there are multiple parties who are dealing with the customer's credit card information.
A third method of making a purchase over a network involves the use of electronic funds transfer instruments, commonly referred to as electronic checks. In practicing this method of transacting electronically using electronic funds transfer instruments, the customer obtains software which allows him to create an electronic check either in response to the receipt of an authenticated payment request from a merchant or on his own volition. In all instances, the parties involved hold the necessary public keys to decrypt the private key encrypted digital signatures and certificates of each of the other parties. So, when the customer sends the digitally signed electronic check to the merchant, along with a certificate issued by the customer's bank and appropriate account, the merchant utilizes a public key to decrypt the information. Once satisfied with the information, the merchant digitally endorses the electronic check and appends his own banking information to the check and deposits the check with his own bank. The merchant's bank must then institute conventional clearing procedures and eventually return the processed electronic check to the customer's bank, for further settlement procedures on that end. In short, this method of electronic check payment, while adding an element of convenience, still requires the same clearing and settlement procedures as are necessary for the processing of “paper checks.” Further, the customer's personal financial information is bounced around among a number of parties, along multiple private and public networks, the latter being quite susceptible to “electronic break-ins” resulting in increased occurrences of fraud.
It would be advantageous to minimize the transaction costs associated with current payment schemes and to limit the number of parties who are privy to the personal financial information of the customer, as well as the merchant, during electronic transactions. The lowering of a merchant's costs of doing business will be reflected in the price charged to the customer for the desired goods and/or services.